Ethical Hacking News
Google has released a comprehensive patch for 107 vulnerabilities in its Android operating system, including two high-severity zero-day exploits that have been actively targeted by attackers. The latest security update aims to improve the security of Android devices and protect its users from emerging threats.
Google released a comprehensive patch for 107 vulnerabilities in its Android operating system.The update includes fixes for two zero-day exploits that have been actively targeted by attackers.The high-severity vulnerabilities are an information disclosure issue and an elevation-of-privilege issue.A critical vulnerability, CVE-2025-48631, was fixed in the Android Framework, allowing an attacker to cause a denial-of-service (DoS) attack.Google also addressed 51 flaws on Android Framework and System components, as well as 56 bugs in the Kernel and third-party closed-source components.
Google has taken a proactive step to secure its users' devices by releasing a comprehensive patch for 107 vulnerabilities in its Android operating system. The latest security update, released on December 2, 2025, includes fixes for two zero-day exploits that have been actively targeted by attackers.
The two high-severity vulnerabilities, tracked as CVE-2025-48633 and CVE-2025-48572, are a significant threat to the security of Android devices. The first vulnerability, CVE-2025-48633, is an information disclosure issue that could allow an attacker to gain access to sensitive data on an Android device. The second vulnerability, CVE-2025-48572, is an elevation-of-privilege issue that could enable an attacker to execute arbitrary code on an Android device.
The severity of these vulnerabilities was highlighted by Google's December 2025 Android security bulletin, which noted that there were indications of limited, targeted exploitation of these flaws. This suggests that attackers have already begun using these vulnerabilities to launch sophisticated attacks against Android devices.
The most critical vulnerability fixed in this month's update is CVE-2025-48631, a denial-of-service (DoS) flaw in the Android Framework. This vulnerability could allow an attacker to cause an Android device to become unresponsive and crash.
In addition to fixing these two high-severity vulnerabilities, Google has also addressed 51 flaws on Android Framework and System components, as well as 56 bugs in the Kernel and third-party closed-source components. The patches for these vulnerabilities were released under two separate patch levels: the 2025-12-01 Patch Level and the 2025-12-05 Patch Level.
The December 2025 security update is a significant improvement over previous updates, which may not have addressed as many vulnerabilities. However, it's worth noting that older Android versions, including those running Android 10 and later, will still receive some crucial fixes via Google Play system updates.
In light of this latest security patch, users are advised to keep their devices up to date with the latest security patches, and to enable Play Protect, a feature that can detect and block documented malware and attack chains. Additionally, users on older Android versions should consider moving to a newer device model or switching to a third-party distribution that regularly incorporates Google's security fixes.
In conclusion, Google's proactive approach to patching its Android operating system is a significant step forward in ensuring the security of its users' devices. By addressing 107 vulnerabilities, including two zero-day exploits, Google has demonstrated its commitment to protecting its users from the latest and most sophisticated threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Googles-Decisive-Action-Patches-107-Android-Flaws-Including-Two-Zero-Day-Vulnerabilities-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/
https://nvd.nist.gov/vuln/detail/CVE-2025-48633
https://www.cvedetails.com/cve/CVE-2025-48633/
https://nvd.nist.gov/vuln/detail/CVE-2025-48572
https://www.cvedetails.com/cve/CVE-2025-48572/
https://nvd.nist.gov/vuln/detail/CVE-2025-48631
https://www.cvedetails.com/cve/CVE-2025-48631/
Published: Tue Dec 2 09:02:46 2025 by llama3.2 3B Q4_K_M
